[cabfpub] Naming rules

Ryan Sleevi sleevi at google.com
Sun Mar 5 04:09:09 UTC 2017


On Sat, Mar 4, 2017 at 5:55 PM, Kirk Hall via Public <public at cabforum.org>
wrote:

> *Li-Chun -- can you solve your problem simply by following the rules in BR
> 9.16.3*?
>

I appreciate you raising this, Kirk, but let's be very careful here with
what you're proposing.

The existence of local law regarding the DIT does NOT apply for this
section. This section ONLY applies to the extent that local laws governs
ALL forms of certificate issuance.

Concretely, the existence of the US FPKI, for example, does not in and of
itself allow a CA to violate the BRs in order to comply with the US FPKI,
since there's no local law in the US, as you're no doubt aware, that
requires all CAs conform to the US FPKI.

Peter's point is extremely relevant - the existence of alternative PKIs is
something that a number of jurisdictions share, but the extent of 9.16.3
ONLY applies to the set of mandates that apply to _all_ PKIs.

9.16.3 is the "option of last resort" - and may still result in a CA being
distrusted by browser programs, to be clear.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170304/60044f89/attachment-0003.html>


More information about the Public mailing list